1. 技术文章
  2. AWS instance change to https

AWS instance change to https

扶醉桌前 提交于 2021-02-05 11:21:28

问题


We now use AWS to set up our website, we're recently trying to set up a page that will allow our customers to send emails to us. We set up an EC2 instance to work as an email server, but it runs on HTTP. Since our website works on HTTPS, ajax can't send HTTP messages and we have to make the EC2 instance run on HTTPS, but I don't know how to do that.

$.ajax({
    type: "POST",
    url: "https://ec2-*-*-*-*.*.compute.amazonaws.com/send",
    contentType: "application/json; charset=utf-8",
    beforeSend: function(request) {
        request.setRequestHeader("Access-Control-Allow-Origin", "*");
        request.setRequestHeader("Access-Control-Allow-Method", "POST");
    },
    async: true,
    data: JSON.stringify({
        "name": name,
        "email": email,
        "message": message
    }),
    traditional: true,
    error: function(xhr, status, error) {
        var errorMessage = xhr.status + ': ' + xhr.statusText
        alert('Error - ' + errorMessage);
    },
    success: function(result) {
        alert(" Good link");
    }
});

回答1:


There are generally three ways which you can use to setup SSL for your instance.

  1. Setup a load balancer (LB) in front of your EC2. For this you need your own custom domain. Having the domain, you can get free public SSL certificate from AWS ACM and deploy it easliy on the LB. With the LB, your app will connect to the LB using HTTPS. The the LB will forward the traffic to the instance as HTTP within the AWS internal network.

  2. Manually setup a valid, public SSL certificate on your instance. For that AWS ACM can't be used as in step 1, thus you need to get the SSL cert from a third party (not AWS). A popular choice is https://letsencrypt.org/ with https://certbot.eff.org/. Installation of the SSL on the instance would usually require setting up a reverse proxy, such as nginx. By the way, StackOverflow is using letsencyrpt for its own SSL cert.

  3. Setup a CloudFront (CF) distribution in-front of your EC2 instance. You can use custom domain with ACM SSL certificate on the CF distro, or you can use default CF endpoint which is also HTTPs. However, the issue here is that the traffic between CF and your instance will be HTTP across internet which is a security risk. To fix that you either have to setup valid SSL cert for HTTPs using step 1 or 2.



来源:https://stackoverflow.com/questions/65424188/aws-instance-change-to-https

标签
amazon-web-services
amazon-ec2
instance
易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!